We claim: 

1. A method of providing assertions comprising the steps
of: 

selling a pool of unallocated time; 

upon request, generating an assertion having a 
lifetime and subtracting the lifetime from the unallocated 
time; and 

upon request, revoking an assertion and adding any 
remaining lifetime of the assertion to the unallocated time. 

2. The method of claim 1 comprising the further step of
eroding unallocated time over time. 

3. A system for managing assertions between names and
public keys, the system comprising: 

a repository containing an unallocated time, the 
unallocated time indicating an amount of time available for 
assertions; 

a purchase component adapted to add a requested bulk 
lifetime to the unallocated time; 

a request component adapted to, upon generation of an 
assertion having a requested lifetime, deduct the requested 
lifetime from the unallocated time; and 

a revocation component adapted to, upon revocation of 
an assertion having a remaining lifetime, add the remaining 
lifetime to the unallocated time. 

4. The system of claim 3 wherein each assertion is a 
public key certificate. 

5. The system of claim 3 further adapted to:

monitor when the unallocated time falls below a
threshold, and

notify a user associated with the unallocated time if
the unallocated time falls below the threshold.

6. The system of claim 3 wherein the request component
determines whether the requested lifetime is greater than the
unallocated time, and if the requested lifetime is greater than
the unallocated time, presents the user with a set of options
for remedying the insufficiency of the unallocated time.

7. A processing platform implemented method of 
processing a request for an assertion between a name and a 
public key, the method comprising the steps of: 

maintaining an unallocated time, the unallocated time
being time available for assertions;

accepting a request for an assertion and a requested
lifetime;

determining whether the unallocated time is greater
than or equal to the requested lifetime; and

upon determining that the unallocated time is greater
than or equal to the requested lifetime, deducting the
requested lifetime from the unallocated time.

8. The method of claim 7 comprising the further step of
forwarding the request for an assertion to an entity
responsible for generating assertions.

9. The method of claim 7 wherein the assertion is a 
public key certificate. 

10. The method of claim 7 comprising the further step of
eroding the unallocated time over time. 

11. A processing platform implemented method of
processing a request for revocation of an assertion between a
name and a public key, the method comprising the steps of:

maintaining an unallocated time, the unallocated time 
being time available for assertions; 

identifying an assertion to be revoked, the assertion 
having a remaining lifetime; and 

adding the remaining lifetime to the unallocated
time.

12. The method of claim 11 wherein the assertion is a
public key certificate. 

13. A memory for storing data for access by an
application program being executed on a data processing system,
comprising:

a data structure stored in the memory, the data
structure including information resident in a database used by
the application program and including at least one entry, each
entry including:

an account identification field which identifies an
account;

a user identification field which provides access
control to the account; and

an unallocated time field which identifies an amount
of time available to the account for allocation to assertions
between names and public keys.




14. An article of manufacture comprising a computer- 
readable storage medium, the computer-readable storage medium 
containing instructions for: 

generating an entry in a repository, the entry 
including an unallocated time; 

receiving a request for a purchase of bulk lifetime; 

adding the bulk lifetime to the unallocated time, in 
the event that a request for a purchase of bulk lifetime is 
received; 

receiving a request for an assertion and a requested 
lifetime, the assertion being between a name and a public key; 

deducting the requested lifetime from the unallocated 
time, in the event that a request for an assertion is received; 

receiving an identification of an assertion to be 
revoked, the assertion having a remaining lifetime; and 

adding the remaining lifetime to the unallocated 
time, in the event that an identification of an assertion to be 
revoked is received. 

15. A system for allocating assertions comprising: 

means for allocating a pool of unallocated time 
available for assertion validity; 

means for processing a request for an assertion 
having a lifetime, the means for processing the request 
subtracting the lifetime from the unallocated time; and 

means for processing a revocation of an existing 
assertion by determining any remaining lifetime of the existing 
assertion and adding at least a portion of the remaining
lifetime of the assertion to the unallocated time. 

16. The system of claim 15 further comprising: 

means for monitoring when the unallocated time falls
below a threshold, and for notifying a user associated with the
unallocated time if the unallocated time falls below the
threshold.
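
The time-pool accounting recited in claims 1, 2, 5, 6 and 13, worked through as an added Python example that is not part of the patent text. The class, method and field names, the serial strings, the use of seconds as the unit and the full refund on revocation are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 86_400  # seconds; the unit is an assumption, the claims name none


class InsufficientTime(Exception):
    """Requested lifetime exceeds the unallocated time (claim 6)."""


@dataclass
class Account:  # hypothetical repository entry, fields per claim 13
    account_id: str
    user_id: str
    unallocated: int = 0          # time available for assertions
    threshold: int = 0            # low-balance mark (claims 5 and 16)
    live: dict = field(default_factory=dict)     # serial -> expiry time
    notices: list = field(default_factory=list)  # stand-in for user notification

    def _monitor(self):
        if self.unallocated < self.threshold:
            self.notices.append((self.user_id, self.unallocated))

    def purchase(self, bulk_lifetime):
        if bulk_lifetime <= 0:
            raise ValueError("bulk lifetime must be positive")
        self.unallocated += bulk_lifetime

    def request(self, serial, lifetime, now):
        if lifetime <= 0 or serial in self.live:
            raise ValueError("bad lifetime or duplicate serial")
        if lifetime > self.unallocated:   # check before any deduction
            raise InsufficientTime(f"short by {lifetime - self.unallocated}s")
        self.unallocated -= lifetime
        self.live[serial] = now + lifetime
        self._monitor()

    def revoke(self, serial, now):
        expiry = self.live.pop(serial)    # KeyError on a second revocation: no double refund
        remaining = max(0, expiry - now)  # an expired assertion refunds nothing
        self.unallocated += remaining
        return remaining

    def erode(self, amount):
        self.unallocated = max(0, self.unallocated - amount)
        self._monitor()
```

Removing the assertion from `live` before crediting the pool is what keeps a replayed revocation request from refunding the same lifetime twice.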